CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
81.0%
DISPUTED NOTE: this issue has been disputed by the upstream vendor.
nasl/nasl_crypto2.c in the Nessus Attack Scripting Language library (aka
libnasl) 2.2.11 does not properly check the return value from the OpenSSL
DSA_do_verify function, which allows remote attackers to bypass validation
of the certificate chain via a malformed SSL/TLS signature, a similar
vulnerability to CVE-2008-5077. NOTE: the upstream vendor has disputed
this issue, stating βwhile we do misuse this function (this is a bug), it
has absolutely no security ramification.β
Author | Note |
---|---|
mdeslaur | related to CVE-2008-5077 upstream says no security ramifications: http://attrition.org/pipermail/vim/2009-January/002133.html letβs ignore this |